Section 1: Security Overview Flashcards
What is Confidentiality?
Information has not been disclosed to unauthorized people (anything that mentions encryption has to do with confidentiality)
What is Integrity?
Information has not been modified or altered without proper authorization (for example, a bank teller can’t change your bank balance willy-nilly; hashing)
What is availability?
Information is able to be stored, accessed, or protected at all times
What are the three A’s?
Authentication, Authorization and Accounting
Authentication
When a person’s identity is established with proof and confirmed by a system (entering an email and password and being granted access, for example)
What are the five methods of authentication?
Something you know, something you are, something you have, something you do and somewhere you are
What is authorization?
Occurs when a user is given access to a certain piece of data or certain areas of a building
What is accounting?
Tracking of data, computer usage, and network resources (usually put in a log file)
What is malware?
Shorthand term for malicious software (Trojan horses, spyware, rootkits, adware, ransomware, etc.)
Unauthorized Access
Occurs when access to computer resources and data happens without the consent of the owner (guessing a password, etc.)
System Failure
When a computer crashes or system fails (BSOD, etc.)
Social Engineering
Act of manipulating users into revealing confidential information (phishing, etc.)
What are the three categories that can be used when mitigating threats?
Physical, technical, and administrative controls
Physical Controls
Alarm systems, locks, surveillance cameras, ID cards, closed-circuit TV
Technical Controls
Smart cards, encryption, access control lists, intrusion detection systems, and network authentication
Administrative Controls
Policies, procedures, security awareness training, contingency planning, and disaster recovery plans